Usermod -aG vs gpasswd -a as a best practice

I am aware that usermod -g is not best practice from many posts like this however they normally explain the usermod should not be used as it changes the primary group of a user. These posts don't seem to take into account the -aG switch which just appends the group.

Is this still poor practice or no different than using gpasswd -a?


They both can do the same, it's just with usermod you can do it wrong if you don't pay enough attention.

In this wiki from Arch Linux (it is the same for other distros), it's explained:

To add a user to other groups use (additional_groups is a comma-separated list):

# usermod -aG additional_groups username

Warning: If the -a option is omitted in the usermod command above, the user is removed from all groups not listed in additional_groups (i.e. the user will be member only of those groups listed in additional_groups).

Alternatively, gpasswd may be used. Though the username can only be added (or removed) from one group at a time.

# gpasswd --add username group